+++ /dev/null
-/*
- * sysIdTool.cpp
- */
-
-#include <stdlib.h>
-#include <strings.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <Security/Security.h>
-#include <utilLib/common.h>
-#include <clAppUtils/identPicker.h>
-#include <clAppUtils/printCertName.h>
-#include <security_cdsa_utils/cuPrintCert.h>
-
-static void usage(char **argv)
-{
- printf("usage: %s command domain [options]\n", argv[0]);
- printf("Commands:\n");
- printf(" s -- select with picker, set as identity for domain\n");
- printf(" d -- display identity for domain\n");
- printf(" D -- delete identity for domain\n");
- printf("Options:\n");
- printf(" -v -- verbose display of certs\n");
- printf(" -l -- loop for malloc debug\n");
- printf(" <none for now>\n");
- /* etc. */
- exit(1);
-}
-
-
-static int selectId(CFStringRef domain)
-{
- /* open system keychain */
- SecKeychainRef kcRef;
- const char *sysKcPath = kSystemKeychainDir kSystemKeychainName;
-
- OSStatus ortn = SecKeychainOpen(sysKcPath, &kcRef);
- if(ortn) {
- cssmPerror("SecKeychainOpen", ortn);
- exit(1);
- }
-
- /* pick an identity */
- SecIdentityRef idRef = NULL;
- ortn = sslSimpleIdentPicker(kcRef, &idRef);
- CFRelease(kcRef);
- if(ortn) {
- printf("IdentityPicker aborted\n");
- return -1;
- }
-
- ortn = SecIdentitySetSystemIdentity(domain, idRef);
- if(ortn) {
- cssmPerror("SecIdentitySetSystemIdentity", ortn);
- }
- else {
- printf("...system identity set.\n");
- }
- CFRelease(idRef);
- return ortn;
-}
-
-static void printCFString(
- const char *label,
- CFStringRef cfString)
-{
- char cstr[300];
- if(!CFStringGetCString(cfString, cstr, sizeof(cstr),
- kCFStringEncodingUTF8)) {
- printf("***Error converting %s to UTF8\n", label);
- }
- else {
- printf("%s '%s'\n", label, cstr);
- }
-}
-
-static int showId(CFStringRef domain, bool verbose)
-{
- SecIdentityRef idRef = NULL;
- CFStringRef actualDomain = NULL;
- OSStatus ortn;
-
- ortn = SecIdentityCopySystemIdentity(domain, &idRef, &actualDomain);
- if(ortn) {
- cssmPerror("SecIdentityCopySystemIdentity", ortn);
- return ortn;
- }
- SecCertificateRef certRef = NULL;
- ortn = SecIdentityCopyCertificate(idRef, &certRef);
- if(ortn) {
- cssmPerror("SecIdentityCopyCertificate", ortn);
- CFRelease(idRef);
- return ortn;
- }
- CSSM_DATA certData;
- ortn = SecCertificateGetData(certRef, &certData);
- if(ortn) {
- cssmPerror("SecCertificateGetData", ortn);
- CFRelease(idRef);
- CFRelease(certRef);
- return ortn;
- }
-
- printCFString("Identity obtained for domain", domain);
- if(verbose) {
- printf("\n ---- System Identity Certificate ----\n");
- printCert(certData.Data, certData.Length, CSSM_FALSE);
- printf(" ---- End of System Identity Certificate ----\n");
- }
- else {
- printCertName(certData.Data, certData.Length, NameIssuer);
- }
- printCFString("Actual domain :", actualDomain);
- CFRelease(idRef);
- CFRelease(certRef);
- CFRelease(actualDomain);
- return 0;
-}
-
-int main(int argc, char **argv)
-{
- char op;
- char *domain;
-
- if(argc < 3) {
- usage(argv);
- }
- op = argv[1][0];
- domain = argv[2];
-
- bool verbose = false;
- bool loop = false;
-
- //extern char *optarg;
- int arg;
- optind = 3;
- while ((arg = getopt(argc, argv, "hvl")) != -1) {
- switch (arg) {
- case 'v':
- verbose = true;
- break;
- case 'l':
- loop = true;
- break;
- case 'h':
- usage(argv);
- }
- }
- if(optind != argc) {
- usage(argv);
- }
-
- CFStringRef cfDomain = CFStringCreateWithCString(NULL, domain, kCFStringEncodingASCII);
- int ourRtn = 0;
- do {
- switch(op) {
- case 's':
- ourRtn = selectId(cfDomain);
- break;
- case 'd':
- ourRtn = showId(cfDomain, verbose);
- break;
- case 'D':
- ourRtn = SecIdentitySetSystemIdentity(cfDomain, NULL);
- if(ourRtn) {
- cssmPerror("SecIdentitySetSystemIdentity(NULL)", ourRtn);
- }
- else {
- printf("...system identity assignment deleted.\n");
- }
- break;
- default:
- usage(argv);
- }
- if(ourRtn) {
- break;
- }
- if(loop) {
- fpurge(stdin);
- printf("q to quit, CR to loop again: ");
- if(getchar() == 'q') {
- break;
- }
- }
- } while(loop);
- return ourRtn;
-}
projects / apple / security.git / blobdiff